SiliconANGLE theCUBE - Joe Sullivan & Joni Klippert at RSAC 2026

At RSAC 2026, Joni Klippert and Joe Sullivan discussed how AI-powered code generation is rapidly outpacing traditional application security. They highlighted growing risks from agentic AI, massive security backlogs, and the widening gap between attackers and defenders. The conversation also explored how StackHawk is embedding AI-driven vulnerability detection directly into developer workflows to help security scale alongside modern engineering.

Transcript

In this interview from RSAC 2026, Joni Klippert, founder and chief executive officer of StackHawk, joins Joe Sullivan, board member at StackHawk, to talk with theCUBE's Dave Vellante about how AI-accelerated code generation is outpacing traditional application security. Klippert traces StackHawk's origins to a core frustration: runtime testing was happening in production, far too late, generating backlogs developers couldn't clear. She details how one financial services customer went from 25,000 lines of code a month to 300,000 after adopting AI coding tools — then sat on a million-line backlog it couldn't deploy. Sullivan, drawing on his tenure as chief security officer of Facebook, Uber and Cloudflare, explains why the gap between attackers and defenders is widening: bad actors adopt AI instantly, while security teams must test, validate and manage risk before deploying anything.

The conversation also explores OpenClaw as a defining moment for the security community, with Sullivan comparing its impact to ChatGPT's public debut — exposing agentic AI risks that were anticipated but arrived faster than defenses could be built. He argues that traditional perimeter controls, which simply admit or deny access at the door, are no longer sufficient when AI agents can cause real-time damage once inside a system. Klippert explains how StackHawk's portable, code-configured scanner is designed precisely for this environment, enabling agentic DAST that embeds vulnerability detection and auto-remediation directly inside tools like Cursor and Claude — eliminating the ticket workflow entirely. Both guests note that security budgets are holding firm and capturing a disproportionate share of enterprise spend, while the AppSec staffing math has shifted dramatically: a 1:100 professional-to-engineer ratio is now effectively 1:1,000 as non-engineers generate code at scale. From StackHawk's late series B pivot toward enterprise sales to a clear message for CEOs and boards, the discussion makes the case that application security must scale in lockstep with engineering investment.